Make sure that when initialize hasn't been called yet for a tenant, authentication fails with a 40x status code rather than an internal server error.
mifosio-04-04-2018 committed Apr 29, 2017
1 parent 57dca2e commit 735776fc136f1a0c365b9c4401eae094241408eb
Showing 4 changed files with 38 additions and 7 deletions.
@@ -16,6 +16,7 @@

import io.mifos.anubis.api.v1.client.Anubis;
import io.mifos.anubis.api.v1.client.AnubisApiFactory;
import io.mifos.anubis.api.v1.domain.AllowedOperation;
import io.mifos.anubis.api.v1.domain.Signature;
import io.mifos.anubis.example.simple.Example;
import io.mifos.anubis.example.simple.ExampleConfiguration;
@@ -158,6 +159,20 @@ public void testNonExistentTenant() {
}
}

@Test(expected = InvalidTokenException.class)
public void testAuthenticateWithoutInitialize() {
try (final TenantDataStoreTestContext ignored = TenantDataStoreTestContext.forRandomTenantName(cassandraInitializer)) {

final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
= new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
final String permissionToken = tenantApplicationSecurityEnvironment.getPermissionToken("bubba", "foo", AllowedOperation.READ);
try (final AutoUserContext ignored2 = new AutoUserContext("bubba", permissionToken)) {
Assert.assertFalse(example.foo());
Assert.fail("Not found exception should be thrown when authentication is attempted ");
}
}
}

private void initialize() {
final TenantApplicationSecurityEnvironmentTestRule tenantApplicationSecurityEnvironment
= new TenantApplicationSecurityEnvironmentTestRule(testEnvironment);
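Review bot: `@Test(expected = InvalidTokenException.class)` on testAuthenticateWithoutInitialize passes if any statement in the method throws that type, including `getPermissionToken(...)` or the `AutoUserContext` setup, so the test does not prove that the request to `example.foo()` is the one rejected. Scoping the expectation to the call would pin it: `try { example.foo(); Assert.fail("InvalidTokenException expected for an uninitialized tenant"); } catch (final InvalidTokenException expected) { }`. The current `Assert.fail` message names a "Not found exception" while the annotation expects InvalidTokenException, so the message should name the type that is actually asserted.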
@@ -30,4 +30,7 @@ public interface Example {

@RequestMapping(value = "initialize", method = RequestMethod.DELETE)
void uninitialize();

@RequestMapping(value = "foo", method = RequestMethod.GET)
boolean foo();
}
@@ -54,4 +54,10 @@ public ResponseEntity<Void> uninitialize()
initialized = false;
return new ResponseEntity<>(HttpStatus.OK);
}

@RequestMapping(value = "/foo", method = RequestMethod.GET)
@Permittable(AcceptedTokenType.TENANT)
public ResponseEntity<Boolean> foo() {
return ResponseEntity.ok(false);
}
}
@@ -16,6 +16,7 @@
package io.mifos.anubis.repository;

import com.datastax.driver.core.*;
import com.datastax.driver.core.exceptions.InvalidQueryException;
import com.datastax.driver.core.querybuilder.QueryBuilder;
import com.datastax.driver.core.querybuilder.Select;
import com.datastax.driver.core.querybuilder.Update;
@@ -26,6 +27,7 @@
import io.mifos.anubis.config.TenantSignatureRepository;
import io.mifos.core.cassandra.core.CassandraSessionProvider;
import io.mifos.core.lang.ApplicationName;
import io.mifos.core.lang.ServiceException;
import io.mifos.core.lang.security.RsaKeyPairFactory;
import io.mifos.core.lang.security.RsaPrivateKeyBuilder;
import io.mifos.core.lang.security.RsaPublicKeyBuilder;
@@ -256,13 +258,18 @@ private Optional<Row> getRow(final @Nonnull String timestamp) {
final Session tenantSession = cassandraSessionProvider.getTenantSession();
final Select.Where query = timestampToSignatureQueryMap.computeIfAbsent(timestamp, timestampKey ->
QueryBuilder.select().from(tableName).where(QueryBuilder.eq(TIMESTAMP_COLUMN, timestampKey)));
final Row row = tenantSession.execute(query).one();
final Optional<Row> ret = Optional.ofNullable(row);
ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
if (!valid)
logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
});
return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
try {
final Row row = tenantSession.execute(query).one();
final Optional<Row> ret = Optional.ofNullable(row);
ret.map(TenantAuthorizationDataRepository::mapRowToValid).ifPresent(valid -> {
if (!valid)
logger.warn("Invalidated keyset for timestamp '" + timestamp + "' requested. Pretending no keyset exists.");
});
return ret.filter(TenantAuthorizationDataRepository::mapRowToValid);
}
catch (final InvalidQueryException authorizationDataTableProbablyIsntConfiguredYet) {
throw new IllegalArgumentException("Tenant not found.");
}
}

private static Boolean mapRowToValid(final @Nonnull Row row) {
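Review bot: The new `catch (final InvalidQueryException ...)` in getRow treats every invalid-query failure as an uninitialized tenant and discards the exception, so a genuine schema or query fault on the signature table would also surface as "Tenant not found." with nothing in the logs. Because this lookup decides whether a token's keyset can be resolved, the cause should be kept and the event recorded: `logger.warn("Signature lookup failed; treating tenant as uninitialized.", authorizationDataTableProbablyIsntConfiguredYet);` followed by `throw new IllegalArgumentException("Tenant not found.", authorizationDataTableProbablyIsntConfiguredYet);`. How IllegalArgumentException becomes the 40x status named in the commit title is not visible in this hunk, so that mapping is worth confirming. getRow's signature is only in the hunk header; its opening lines are outside the hunk.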
